These sinister Android Trojans target financial apps with over a billion downloads

Earlier this week, we covered a report that claimed Trojans on mobile devices were on the rise. Trojans are a specific type of malware that infects victims’ devices by masquerading as legitimate and trustworthy applications. Unfortunately, Trojans sometimes manage to sneak into the Google Play Store and infect victims’ Android devices before they are reported and removed.

Cybersecurity researchers have discovered a number of different Trojans in the wild that target various Android apps, and financial apps are among the most commonly targeted. Financial apps can be reliable profit targets. Market research shows that 76% of Americans use banking apps for day-to-day financial tasks, meaning that a Trojan that infects a victim's phone will more often than not find a banking app to compromise.

Trojans often exploit Android accessibility services to carry out malicious activities, such as stealing two-factor authentication (2FA) codes sent through text messages or keylogging to steal account credentials typed by the victim. However, when it comes to targeting financial apps, some Trojans take a page from the phishing playbook and steal login credentials by overlaying fake login screens on legitimate financial app login screens.
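
The capability mix described above (an accessibility service combined with overlay or SMS access) can be used as a triage signal over an app inventory. The following is an added example, not code from the Zimperium report or this article; the record format, package names and weights are assumptions, while the permission and installer names are Android's own.

```python
PLAY_INSTALLER = "com.android.vending"  # Google Play's installer package name
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # draw over other apps
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Illustrative weights (an assumption of this example, not a vendor scoring model).
WEIGHTS = {"accessibility": 3, "overlay": 2, "sms": 2, "sideloaded": 1}

def signals(app):
    """Return the risk signals present in one inventory record."""
    perms = set(app.get("permissions", []))
    found = []
    if app.get("accessibility_service"):  # app declares an accessibility service
        found.append("accessibility")
    if OVERLAY in perms:
        found.append("overlay")
    if perms & SMS:
        found.append("sms")
    if app.get("installer") != PLAY_INSTALLER:
        found.append("sideloaded")
    return found

def triage(inventory, allowlist=frozenset()):
    """Flag apps pairing an accessibility service with overlay or SMS access."""
    flagged = []
    for app in inventory:
        if app["package"] in allowlist:  # reviewed apps, e.g. a password manager
            continue
        found = signals(app)
        if "accessibility" in found and {"overlay", "sms"} & set(found):
            flagged.append((app["package"], sum(WEIGHTS[s] for s in found), found))
    return sorted(flagged, key=lambda row: -row[1])

# Constructed sample inventory (hypothetical packages and record format).
INVENTORY = [
    {"package": "com.example.flashlight", "installer": None, "accessibility_service": True,
     "permissions": [OVERLAY, "android.permission.RECEIVE_SMS", "android.permission.INTERNET"]},
    {"package": "com.example.screenreader", "installer": PLAY_INSTALLER,
     "accessibility_service": True, "permissions": []},
    {"package": "com.example.messages", "installer": PLAY_INSTALLER,
     "accessibility_service": False, "permissions": sorted(SMS)},
    {"package": "com.example.passwords", "installer": PLAY_INSTALLER,
     "accessibility_service": True, "permissions": [OVERLAY]},
]

if __name__ == "__main__":
    for package, score, found in triage(INVENTORY):
        print(f"{score:2d}  {package}  {', '.join(found)}")
```

A screen reader or an SMS app on its own is not flagged; legitimate apps that do combine these capabilities, such as password managers, need review and an allowlist entry.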
A report from Zimperium, a mobile security company, details just how widespread the targeting of financial apps by Trojans has become. Researchers analyzed ten different Trojans that are currently active in the wild and found that together they targeted 639 financial Android apps. These mobile banking, investing, payment, and cryptocurrency apps total just over a billion downloads from the Google Play Store. PhonePe, Binance, and Cash App, in that order, are the most downloaded apps targeted by the Trojans analyzed in the report.

The Trojans found in the report and the most popular applications they target are:

  • BianLian: Binance, Garanti BBVA Mobile, Ziraat Mobile, Akbank Mobile Banking, QNB Finansbank, Halkbank Mobil, İşCep – Mobile Banking, VakıfBank Mobil Bankacılık and Yapı Kredi Mobile
  • Cabassous: Barclays Mobile App, Commonwealth Bank, Halifax Mobile Banking, Lloyds Bank Mobile, Santander Mobile Banking, NatWest Mobile Banking, ANZ Australia, St. George Mobile Banking and Westpac Mobile Banking
  • Coper: BBVA Spain Online Banking, CaixaBankNow Mobile Banking, Commonwealth Bank, Santander Mobile Banking, ANZ Australia Mobile Banking, St. George Mobile Banking, ING Australia Banking, TSB Mobile Banking and NAB Mobile Banking
  • EventBot: Barclays Mobile Banking, Intesa Sanpaolo Mobile, BancoPosta Mobile Banking, Banca MPS Mobile Banking, RelaxBanking Mobile, Barclaycard Mobile, Inbank Mobile Banking, Mediolanum Mobile Banking and WiZink, tu banco senZillo
  • ExobotCompact.D/Octo: PayPal, Binance, Cash App Mobile, Barclays Mobile Banking, BBVA Spain Online Banking, CaixaBankNow Mobile, Garanti BBVA Mobile, Ziraat Mobile and QNB Finansbank
  • FluBot: BBVA Spain Online Banking, CaixaBankNow Mobile, BBVA México Mobile, Santander Mobile Banking, Banco Sabadell App, Grupo Cajamar, Ibercaja Mobile Banking, ING España. Banca Movil and BBVA Net Cash ES & PT
  • Medusa: BBVA Spain Online Banking, CaixaBankNow Mobile, Garanti BBVA Mobile, Ziraat Mobile, Akbank Online Banking, QNB Finansbank, Halkbank Mobil, İşCep – Mobile Banking and VakıfBank Mobil Bankacılık
  • SharkBot: Binance, BBVA Spain Online Banking, Coinbase and EVO Banco móvil
  • TeaBot: PhonePe, Binance, Barclays Mobile, Postepay Mobile Banking, Bank of America Mobile Banking, Capital One Mobile and Coinbase
  • Xenomorph: BBVA Spain Online Banking, KBC Mobile, Belfius Mobile, Easy Banking App, ING Banking App, Imagin Banking App, Caixadirecta Mobile Banking, MB WAY Mobile and Grupo Cajamar
You can read Zimperium’s report to find a full list of the 639 financial apps targeted by these ten trojans.
